ETDA, Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

Tool: JripBot

Names: JripBot, Jiripbot
Category: Malware
Type: Reconnaissance, Backdoor, Credential stealer, Info stealer, Loader, Dropper
Description: (Kaspersky) The malware set used by the Wild Neutron threat actor has several component groups, including:

• A main backdoor module that initiates the first communication with C&C server
• Several information gathering modules
• Exploitation tools
• SSH-based exfiltration tools
• Intermediate loaders and droppers that decrypt and run the payloads

Although customized, some of the modules seem to be heavily based on open source tools (e.g. the password dumper resembles the code of Mimikatz and Pass-The-Hash Toolkit) and commercial malware (HTTPS proxy module is practically identical to the one that is used by HesperBot).
Information: <https://securelist.com/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/71275/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.jripbot>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Jripbot>

Last change to this tool card: 23 April 2020


All groups using tool JripBot

APT groups

Name: Wild Neutron, Butterfly, Sphinx Moth
Country: [Unknown]
Observed: 2013-Feb 2013

1 group listed (1 APT, 0 other, 0 unknown)
